Skip to content

Commit f40d792

Browse files
committed
cleanup module imports and update expected outputs
1 parent 85b2253 commit f40d792

File tree

4 files changed

+49
-8
lines changed

4 files changed

+49
-8
lines changed

javascript/ql/src/Security/CWE-079/ExceptionXss.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,5 +21,5 @@ from
2121
where
2222
cfg.hasFlowPath(source, sink)
2323
select sink.getNode(), source, sink,
24-
sink.getNode().(XSS::Shared::Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(),
24+
sink.getNode().(Xss::Shared::Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(),
2525
"user-provided value"

javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,10 +9,7 @@ import javascript
99
module ExceptionXss {
1010
import DomBasedXssCustomizations::DomBasedXss as DomBasedXssCustom
1111
import ReflectedXssCustomizations::ReflectedXss as ReflectedXssCustom
12-
import Xss::DomBasedXss as DomBasedXss
13-
import Xss::ReflectedXss as ReflectedXSS
14-
import Xss::StoredXss as StoredXss
15-
import Xss as XSS
12+
import Xss as Xss
1613

1714
/**
1815
* Holds if `node` cannot cause an exception containing sensitive information to be thrown.
@@ -59,14 +56,14 @@ module ExceptionXss {
5956
Configuration() { this = "ExceptionXss" }
6057

6158
override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
62-
source instanceof XSS::Shared::Source and label instanceof NotYetThrown
59+
source instanceof Xss::Shared::Source and label instanceof NotYetThrown
6360
}
6461

6562
override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
66-
sink instanceof XSS::Shared::Sink and not label instanceof NotYetThrown
63+
sink instanceof Xss::Shared::Sink and not label instanceof NotYetThrown
6764
}
6865

69-
override predicate isSanitizer(DataFlow::Node node) { node instanceof XSS::Shared::Sanitizer }
66+
override predicate isSanitizer(DataFlow::Node node) { node instanceof Xss::Shared::Sanitizer }
7067

7168
override predicate isAdditionalFlowStep(
7269
DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl,

javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,23 @@ nodes
5252
| exception-xss.js:119:14:119:30 | "Exception: " + e |
5353
| exception-xss.js:119:14:119:30 | "Exception: " + e |
5454
| exception-xss.js:119:30:119:30 | e |
55+
| exception-xss.js:125:48:125:64 | document.location |
56+
| exception-xss.js:125:48:125:64 | document.location |
57+
| exception-xss.js:125:48:125:71 | documen ... .search |
58+
| exception-xss.js:128:11:128:52 | session ... ssion') |
59+
| exception-xss.js:129:10:129:10 | e |
60+
| exception-xss.js:130:18:130:18 | e |
61+
| exception-xss.js:130:18:130:18 | e |
62+
| tst.js:298:9:298:16 | location |
63+
| tst.js:298:9:298:16 | location |
64+
| tst.js:299:10:299:10 | e |
65+
| tst.js:300:20:300:20 | e |
66+
| tst.js:300:20:300:20 | e |
67+
| tst.js:305:10:305:17 | location |
68+
| tst.js:305:10:305:17 | location |
69+
| tst.js:307:10:307:10 | e |
70+
| tst.js:308:20:308:20 | e |
71+
| tst.js:308:20:308:20 | e |
5572
edges
5673
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:9:11:9:13 | foo |
5774
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:15:9:15:11 | foo |
@@ -104,6 +121,20 @@ edges
104121
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:30:119:30 | e |
105122
| exception-xss.js:119:30:119:30 | e | exception-xss.js:119:14:119:30 | "Exception: " + e |
106123
| exception-xss.js:119:30:119:30 | e | exception-xss.js:119:14:119:30 | "Exception: " + e |
124+
| exception-xss.js:125:48:125:64 | document.location | exception-xss.js:125:48:125:71 | documen ... .search |
125+
| exception-xss.js:125:48:125:64 | document.location | exception-xss.js:125:48:125:71 | documen ... .search |
126+
| exception-xss.js:125:48:125:71 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
127+
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:10:129:10 | e |
128+
| exception-xss.js:129:10:129:10 | e | exception-xss.js:130:18:130:18 | e |
129+
| exception-xss.js:129:10:129:10 | e | exception-xss.js:130:18:130:18 | e |
130+
| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
131+
| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
132+
| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
133+
| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
134+
| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
135+
| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
136+
| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
137+
| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
107138
#select
108139
| exception-xss.js:11:18:11:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:11:18:11:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
109140
| exception-xss.js:17:18:17:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:17:18:17:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
@@ -115,3 +146,6 @@ edges
115146
| exception-xss.js:97:18:97:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:97:18:97:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
116147
| exception-xss.js:107:18:107:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:107:18:107:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
117148
| exception-xss.js:119:14:119:30 | "Exception: " + e | exception-xss.js:117:13:117:25 | req.params.id | exception-xss.js:119:14:119:30 | "Exception: " + e | Cross-site scripting vulnerability due to $@. | exception-xss.js:117:13:117:25 | req.params.id | user-provided value |
149+
| exception-xss.js:130:18:130:18 | e | exception-xss.js:125:48:125:64 | document.location | exception-xss.js:130:18:130:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:125:48:125:64 | document.location | user-provided value |
150+
| tst.js:300:20:300:20 | e | tst.js:298:9:298:16 | location | tst.js:300:20:300:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:298:9:298:16 | location | user-provided value |
151+
| tst.js:308:20:308:20 | e | tst.js:305:10:305:17 | location | tst.js:308:20:308:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:305:10:305:17 | location | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/exception-xss.js

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -120,3 +120,13 @@ app.get('/user/:id', function(req, res) {
120120
}
121121
});
122122

123+
124+
(function () {
125+
sessionStorage.setItem('exceptionSession', document.location.search);
126+
127+
try {
128+
unknown(sessionStorage.getItem('exceptionSession'));
129+
} catch(e) {
130+
$('myId').html(e); // NOT OK
131+
}
132+
})();

0 commit comments

Comments
 (0)